Gladiator Hosted Network Solutions Raising the Bar on Risk and Compliance: Hosted Network Services and your Cloud Service Provider.

Transcription

1 Gladiator Hosted Network Solutions Raising the Bar on Risk and Compliance: Hosted Network Services and your Cloud Service Provider. Presenter(s): Ray Kline - Gladiator Sales Engineering Jenny Roland-Vlach - Gladiator Compliance Analyst, Advanced Date: Thursday January 14 th 1:00PM CT Jack Henry & Associates, Inc.

2 Agenda Current State of IT Strategic IT Decisions Cloud Compliance Risk Mitigation What is a Cloud? JHA and the Cloud HNS Security Review HNS Services Overview HNS Disaster Avoidance

3 Current State of IT Seldom are business decisions made that do no involve IT Virtualization Storage Area Networks Unified Communications Continuous Data Protection WAN Optimization Doing more with less Big data

4 Network Lifecycle ANALYZE HARDWARE REFRESH REGULATORY BURDEN SECURITY PURCHASE MANAGE & MAINTAIN

5 IT Challenges for the Industry Business Continuity & Disaster Avoidance IT Regulatory Compliance Attracting & retaining qualified IT personnel Managing the technology lifecycle IT is changing faster than ever before Cybersecurity & patch management Ability to quickly respond to changing market needs for new products & services Increasing bank user & customer demands 24/7/365 support Unbudgeted Capital Expense

6 Strategic IT Decisions CORPORATE RISK Security Business Continuity REGULATORY COMPLIANCE KEY PERSONNEL Security Electronic and Physical System Security Compliance Regulatory Compliance BCP Business Continuity

7 Strategic IT Decisions CORPORATE RISK Security Business Continuity REGULATORY COMPLIANCE KEY PERSONNEL

8 Strategic IT Decisions CORPORATE RISK Security Business Continuity LENDING 56% REGULATORY COMPLIANCE REGULATORY COMPLIANCE RISK 39% 50% KEY PERSONNEL AUDIT COMPLIANCE BUSINESS DEVELOPMENT 22% 31% MERGERS AND ACQUISITIONS 21% GOVERNANCE 21% TECHNOLOGY 12% OTHER 10% COMPENSATION 7% 0% 10% 20% 30% 40% 50% 60% On what issues is your board spending the most time? Respondents were asked to select up to three. Bank Director 2015

9 Cloud Computing and Compliance Compliance is often unintentionally deferred Remaining focused on compliance and risk management ensures that new technologies and services will be implemented correctly and efficiently Senior Management personnel must help to keep the focus on compliance and risk management efforts These efforts will factor into determining cybersecurity maturity levels

10 Strategic IT Decisions CORPORATE RISK Security Business Continuity LENDING 40% REGULATORY COMPLIANCE KEY PERSONNEL OTHER TECHNOLOGY AND/OR RISK MANAGEMENT 18% 13% 39% COMPLIANCE 12% HUMAN RESOURCES 9% MARKETING 6% UNSURE 1% 0% 10% 20% 30% 40% 50% Bank Director 2015 In which areas did the FI lose key executives in 2014? Respondents were asked to select all that apply. Only those who indicated their FI lost executive personnel in 2014 were asked to respond.

11 Who are We? Gladiator Network Services is a division of ProfitStars, a Jack Henry & Associates Company Gladiator Network Services is specifically focused on providing: Secure, reliable network services to financial institution clients Server and desktop virtualization solutions The ability to outsource these IT and infrastructure resources to our private cloud environment Hosted Network Services (HNS) LANdscape

12 Why is Gladiator a Good Partner? Nationally recognized 24/7/365 Managed network security services provider (MSSP) Division of ProfitStars, a Jack Henry & Associates Company Experts in regulatory requirements for financial institutions Over 1,000 FI s customers monitored and growing 2 Redundant Security Operations Centers

13 TECNOLOGY NEEDS BUSINESS NEEDS What is the Gladiator HNS LANdscape? HNS is a unique approach to outsourcing the IT LANdscape that focuses on your business needs as well as your technology needs. Legal & Regulatory Audit & Reporting Net Value Disaster Avoidance Scalability Compliance Availability & Access Physical Security Electronic Security

14 What is a Cloud?

15 Journey to the Cloud

16 What is a Cloud? Big Idea: RISK AVOIDANCE Lower your risk profile with HNS JHA's Hosted Network Solutions (HNS) is a hosted computing service model that enables FI's to seamlessly move IT infrastructures to the JHA "cloud" to leverage its many benefits and reduce the associated risks of on-premise hardware. By moving your infrastructure to JHA s private cloud, you can transfer management responsibilities to the trusted advisers and engineers at JHA. This allows you to free internal IT resources to focus on more strategic initiatives and at the same time lower your FI s Risk profile.

17 What is a Cloud? Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Simplification: A pool of resources that provides what you need, where you need it, when you need it with a reduced management burden.

18 What is a Cloud?

19 FI s and the Cloud DUE DILIGENCE A financial institution s use of third parties to achieve its strategic plan does not diminish the responsibility of the board of directors and management to ensure that the third-party activity is conducted in a safe and sound manner and in compliance with applicable laws and regulations. Outsourcing to a cloud service provider can be advantageous to financial institutions because of potential benefits such as cost reduction, flexibility, scalability, improved load balancing, and speed. Before approving any outsourcing of significant functions, it is important to ensure such actions are consistent with the institution s strategic plans and corporate objectives approved by the board of directors and senior management. (Source:

20 Cloud Compliance-Vendor Management Standard due diligence requirements apply, but additional factors have to be considered: Data classification; Data segregation; Recoverability. Data Classification How sensitive is the information being stored? Vendor has to protect data to the same standards an FI has internally. Third party reports demonstrate adherence to data protection.

21 Cloud Compliance-Vendor Management Data Segregation Will resources be shared with other clients? Vendor has to ensure integrity and confidentiality. Recoverability Understand how the vendor plans to respond to disasters and provide continued service.

22 Cloud Compliance and BCP Sufficient plans and resources to keep services operating. BCP and Incident Response Plans are linked together. Understand the role played by a cloud service provider during an incident and ensure these responsibilities are documented within the Incident Response Plan.

23 Cloud Compliance and Vendor Management Additional controls may be necessary for cloud service providers who are not familiar with the banking industry and regulatory requirements. FFIEC has advised that it may not be prudent to work with a vendor who is not able or unwilling to meet regulatory requirements. SLAs need to clearly indicate ownership of data. In the event of disengagement, a vendor should be able to demonstrate FI data has been permanently removed. Vendor Risk Assessment.

24 Cloud Compliance and Information Security Revision of policies, standards, and procedures may be necessary. Cloud Computing and Storage Policy Structure of Accountability Data Classification Without data classification system, FIs cannot ensure that data is being protected properly. Risk Assessments Cybersecurity

25 Making Security a Priority Defense in Depth Physical Cyber Environmental Data Center in a mountain 168 feet below ground Naturally fortified Impervious to natural or manmade disasters HNS Physical Security Entrance Controls Scheduled Visitation On Premise Security Team Positive Confirmation Surrender Government ID Access Controls Time of Day Restrictions Swipe Entry Authorized Locations Only Remote Video Monitoring All Access Points Video Recording

26 Making Security a Priority 10 Realms of Cloud Security Services by ERIC CHABROW SEP 26, 2011 Security poses a major challenge to the widespread adoption of cloud computing, yet and association of cloud users and vendors FFIEC Statement on Outsourced Cloud Computing by ADAM CHERNICHAW ADAM ORZECHOWSKI JUL 26, 2012 On July 10, 2012, the Federal Financial Institutions Examination Council (FFIEC)[1] issued a statement (the Cyber Security Concerns Compliance Concerns Executive Level Concerns Customer Concerns

27 Regulation Vs. Risk

28 Making Security a Priority St. Peter s Square during the conclave of Pope Benedict the 16 th

29 Making Security a Priority St. Peter s Square during the conclave of Pope Francis

30 Making Security a Priority 30

31 Making Security a Priority CyberSecurity requires a multi-layered defense involving perimeter protection as well as effective internal protection against malware and data exfiltration, plus user education. Firewall Monitoring & Management Intrusion Prevention Server Management- Host Intrusion Monitoring Advanced Malware Protection esat Employee Security Awareness Training First layer of defense Protect ports of entry to the financial institution Raw traffic analysis Cloud Services DDOS Mitigation Monitor all incoming and outgoing traffic Looking for virus and hacker signatures Provided by Cisco IDS, Fortinet, SonicWall, SourceFire Event log monitoring Vulnerability security scanning Hosted DNS Anomaly Detection Service Effectively blocks malware downloads, unsafe web redirects, data exfiltration, command & control activity and malicious phishing links Web based training w/ quiz & reporting Content updated regularly Separate module for Board members Monthly Security Timely Tips newsletter

32 Threat Intelligence Threat Intelligence The Challenge Subscription Services Mailing Lists Websites Internal Research Industry Organizations Law Enforcement Proprietary Angler Dridex Cryptowall

33 JHA and the Cloud OutLink Processing Services began in 1995 and provides core processing and item processing services. Payment Processing Solutions (PPS) began in 1997 and provides ATM switch and transaction processing services. THE CLOUD IS NOT NEW AT JHA. Internet Solutions (NetTeller ) began in 1997 and provides an extensive catalog of internet and mobile banking solutions. JHA Cloud Services began in 2009 as JHA Hosting Operations and currently manages over 60 Jack Henry products and services. WHY NOW FOR HOSTED NETWORK SERVICES?

34 Jack Henry and Cloud

35 Cloud Delivery

36 YOU MANAGE YOU MANAGE Cloud Delivery ON PREMISES (IN HOUSE) Applications IaaS (i.e HNS) Applications SaaS (i.e OUTLINK) Applications Data Data Data Runtime Middleware O/S Virtualization Servers Storage Networking Runtime Middleware O/S Virtualization Servers Storage Networking MANAGED BY PROVIDER Runtime Middleware O/S Virtualization Servers Storage Networking MANAGED BY PROVIDER

37 HNS Overview

38 Benefits of HNS

39 Benefits of HNS

40 ABC Financial Institution

41 ABC Financial Institution On-Premise Network

42 ABC Financial Institution Migration to HNS

43 Select Only The Services You Need

44 Disaster Avoidance

45 Branson, MO Mountain Host Site

46 Disaster Avoidance

47 Gladiator

48 Data Flow

49 Summary Why Gladiator? Focused solely on the financial industry and regulated by the FFIEC Providing hosting services for over 15 years Publicly traded, financially sound corporation with the capital and commitment to continually invest in infrastructure State of the art data center with experts in security, technology, compliance and banking Seamless integration with JHA products One single point of contact we do it all Significantly reduce your risk of outages

50 Where to Start?

51 Questions and Comments? Thank You for your Time!